Hacker News new | past | comments | ask | show | jobs | submit login
A demonstration of browser events used to monitor online behaviour (clickclickclick.click)
560 points by jameswiseman on Nov 18, 2016 | hide | past | web | favorite | 165 comments

This reminded me that notch web game[1]. Both kept me interested and I find them a very pleasant form of art.

[1] http://game.notch.net/drowning/

Surprised no one has mentioned Cookie Clicker yet, which I think was what inspired notch to write that game: http://orteil.dashnet.org/cookieclicker/

Notch's game was written in Dart and the source code is simple and elegant:


Candy box [1] was actually the original IIRC, or at least the one that came before the drowning and cookie clicker and was the inspiration for them. Also check out Candy Box 2 [2] which is honestly a full game.

[1] http://candies.aniwey.net/

[2] http://candybox2.net/

Thanks for effectively killing my productivity with that cookie clicker game.

Cookies are stupid, kill monsters instead in Clicker Heroes!


(Once you understand the meta-game and the meta-meta-game, it becomes seriously addicting)

Finally, a use for my triple-click mouse button!

Coolermaster Inferno, by any chance?

Reminds me of Vito Acconci's "Theme Song" from 1973: https://www.youtube.com/watch?v=mAf6zKRb1wI

Wait till you try Clicking Bad


Making and selling Meth is surprisingly addicting.

For anyone curious...

  Game.ClickCookie(null, 100);
Gives you 100 cookies.

There is no limit to the number you can input.

reminded me of The Stanley Parable.

if anyone was humored, intrigued, or moved by either this or Notch's "drowning".... you will love The Stanley Parable. don't do any Googling or reading on it before you play though. go in blind. i wish i could play it again for the first time.

The Stanley Parable is literally one of my favorite things ever.

I have no idea what the Stanley Parable is. So without googling it, how should one find it to play?

Go buy it on Steam!


It really was amazing especially that part where .... nah I'm kidding! not gonna spoil it for everyone it's too good :D

This is fantastic. I got so caught up in trying to advance through the stages I ended up dead before i even knew it. It seems dumb to have not seen that coming but you seriously do get caught up in the small details of each requirement for each advancement that the big picture sort of fades away.

> I got so caught up in trying to advance through the stages I ended up dead before i even knew it.

Who doesn't these days?

I had a lot of fun automate this game and see the results.

setInterval(function() {document.getElementsByTagName("a")[Math.floor(Math.random() * document.getElementsByTagName("a").length)].click()}, 5000)

or may be this: window.setInterval(function(){ [].forEach.call(document.querySelectorAll('a'), function (el){el.click();});},500)

It's funny to see the different variations. I used: `var x = setInterval(() => { for (element of document.getElementsByTagName('a')) { element.click() } }, 1000);`

My desire to powergame this made the ending all the more tragic. I should rethink a few things i guess.

I wrote a python script to play it for me. Not sure what that says about me :)

Got it!

For those of you who want to play the game without the delays:

- Open drowninginproblems.dart.js in the Sources tab

- Verify you can type in the .js file; if you can't, right-click, Add Folder to Workspace, add any/new empty folder

- Change the ">" to a "<" on line 3753 so it says "if(x<1)this.Hk()" and ^S

Seems to work. The JS debugging in devtools nowadays is awesome, this is first time I've ever seriously used it. Imagine if we were still stuck with IE6 and Notepad. lol

For anyone who wants to play around, line 6950 in :formatted is where to start. this.zo.Fq seems to have the delay value in it, but I was unable to figure out where this came from.


Also, here's a simple oneliner to autoplay the game - which works equally well regardless of whether you do the above (in fact it looks really cool with the percentage counter left in):

  i = window.setInterval(() => {document.querySelectorAll('a').forEach(a => 
   { a.click() })}, 1200);
Has no fancy features like click randomization or smooth delays (it clicks all the buttons at once, every 1.2 seconds) but this fits in one line.

Stops it.

Edit: I just noticed that the source code is actually available. Ah well.

This was surprisingly moving! notch is truly talented.

Great game. This is on the similar lines like the SIMS and both of them are different implementations of the 'life simulator' approach.

Who else feels a sense of horrible dread and frustration that every minutiae of my (and your) online activity is recorded for eternity and exploited to the fullest extent?

What are you going to do about it?

I behave online with the understanding that my behaviour is essentially public.

PS - how come all website product recommendations still suck? Data collection is rather ahead of data usage it seems...

Oh, yes, the algorithms supposed to target you specifically are often quite bad and annoying. For example on Amazon, when you just bought a coffee machine, your recommendations will show you a bunch of coffee machines. Well, I just made a choice and ordered a coffee machine, I am not going to buy another one for quite some time.

Bad for you != bad for the advertiser, and bad for the advertiser is not necessarily correlated to annoying to you.

While your particular case may need just one coffee machine, there are other scenarios. If you just bought a coffee machine, perhaps it will be defective and you'll need a replacement. Perhaps you didn't know about the one they're showing you and will return the first one to buy this one. Perhaps you are just getting into this coffee stuff and realize that a second one for the office would be nice. Perhaps you're buying a few to compare them.

It could be rational to show you the ad instead of a random individual if the sum of these scenarios is greater than the rate at which random individuals buy coffee machines.

Or, yeah, it could be that their ad-showing algorithm just tells them you have the word "coffee" in your recent browsing history.

> website product recommendations still suck

Targeted advertising isn't about giving you good recommendations. It's about advertisers picking which demographic they want to influence. It may be presented as a "recommendation", but it's still an ad.

It's also heavily weighted by what they want you to buy: over-stock, higher margins, last year's models.

> I behave online with the understanding that my behaviour is essentially public.

Also assume that the connection between any and all pseudonyms used only is public knowledge. Because it is.


Not really horrified. Yes they save it, but they don't seem to be able to use it well. The ads I get on Facebook are sometimes really interesting (i.e. targeted well), on other pages it's mostly stuff I bought a while ago or topics where I don't even have a clue why they think that could be interesting.

And even though they can save it forever, it's outdated pretty quickly. If someone has information that I clicked a button 5 times when I visited a page in '09, this will have zero value now. The information is only valid for hours or days.

I guess most of this information is used to test behavior on pages and to optimize them. And I can only support that. Tracking like this is the reason why popular pages are intuitive. They perform A/B testing extensively to see what works best. I don't see an issue with that.

But the goal of that optimization is not to make your life better, it's to make money for them.

They may be pretty bad at it now, but one thing about technology is that it gets better and better, and their goal is to encourage consumption of their product.

I'm thinking about buying a new laptop right now. I'm trying to make a smart choice, weighing the funds I have available, my need for it, the options available, my preferences for various brands and features, and my own desire to have new shiny stuff.

The advertisers can distort this rational decision. Right now they just have a poorly-targeted generic bit of text that I don't really read in the sidebar of certain websites, and I feel comfortable with this level of influence. If they were super-persuasive at selling their product to me Present Me would consider that theft. Future Me would probably be grateful to the advertiser, and that's terrifying.

A Self-Driving, Self-Selling Tesla might show up at my door, perform an inspection of my current car, and, in its silky voice, deliver an irrefutable argument why I must never get in that car again and should instead hop in for a free ride across state lines so I can take out a home equity loan and cash in my 401k to buy it. Yikes!

The optimistic side of this is that maybe they'll eventually move beyond market research and on to individual research to give us stuff that we actually want. "Oh, LeifCarrotson is filtering out our 1366x768 TN panels, doesn't seem to care about thickness, has recently read about the Samsung 960 Pro? Let's build him one with a big 9-cell battery and longer travel keyboard, a good screen, and one of those SSDs. And he seems to be running Linux? Let's swap our default touchpad for one with an open driver, and donate a few percent of the profits to the EFF, that's sure to make him happy."

> But the goal of that optimization is not to make your life better, it's to make money for them.

I don't pay to use services online. They somehow have to make money. Until we start donating/paying for each service we use, we have to expect that people will make money otherwise.

I'm not even talking about the free services, though.

I am talking about the ordinary consumer goods manufacturers that buy the ad space that may or may not be sold on free online services. They're the ones who want that ad space, who benefit from the targeting, and who make the whole operation work.

The "how" they make money and how they secure, anonymize and to whom they share it are all important considerations that are almost exclusively(there are exceptions) never divulged.

> they don't seem to be able to use it well

You are implicitly assuming that this won't change. Databases persist indefinitely.

> The information is only valid for hours or days.

This simply isn't true. You seem to be only thinking about single data points, not the entire picture about your life that is painted when you aggregate that all of the captured data. For example, timestamps of your clicks build a pattern about when you use your computer, and the domain names you have visited (including the order you visited them) probably gives a reasonably accurate estimation of your political views, personal beliefs, and other data that you haven't shared on the web. (Bayesian analysis, machine learning, and other modern analysis methods do amazing things with minimal data)

> I guess

It might be a good idea to not base your risk analysis on a guess. If you have no other option and have guess the level of risk, you should be assume the worse. Assuming benevolence (or incompetence) without evidence is incredibly foolish.

>>Databases persist indefinitely.

They can, but most don't, simply because it's not worth the effort and expense.

From personal experience as a DBA: the effort usually consists of not deleting rows out of the database. The expense is a few cents a month for gigabytes of data.

Worst case scenario, the companies will simply set up a separate data warehouse style data store, and make it available to anyone who wants it internally. If we as consumers are lucky, they will scrub the data of PII before moving it to the data warehouse.

Worst case scenario must include if they find a market for the data, similarl to the recent AT&T revelations.

Pick your source:


They will probably put it in some archive where they delete it after 10 years. Or they keep it somewhere on a drive where it could be accessed but will never be, since no one has a reason to use the data.

> they don't seem to be able to use it well

Or they are intentionally dialing back on the accuracy.

Being too accurate in your advertising is like delving into the uncanny valley of CGI. It gets spooky and makes people intentionally shy away from your products.

So, perhaps they're following the same trajectory as CGI: adding intentional inaccuracy to mask their actual targeted ads. If I saw the one thing I wanted in a lineup of four other poorly targeted ads, I'd be less likely to consider it as spooky, and more likely to treat it as I would any other advertisement. These companies follow you around the internet for years, after all. They can afford to play a long game.

Or it's just my tinfoil hat. Either way.

> too accurate in your advertising is like delving into the uncanny valley

This isn't speculation - it's standard practice now in some companies to try to avoid "scaring" the customer with something that reveals how much modern advertising looks like a stalker. A well known example is Target when they discovered[1] they could predict pregnancies very early and very accurately:

    At which point someone asked an important question:
    How are women going to react when they figure out
    how much Target knows?

    “If we send someone a catalog and say, ‘Congratulations
    on your first child!’ and they’ve never told us they’re
    pregnant, that’s going to make some people uncomfortable,”
    Pole told me. “We are very conservative about compliance
    with all privacy laws. But even if you’re following the
    law, you can do things where people get queasy.”
The article then tells the story of the time an angry father stormed into Target after the company had sent ads for maternity clothing and nursery furniture to his high-school age daughter. He was angry what he thought was an attempt to coerce his daughter, but later apologized when he discovered that Target was right.

We now live in a world where it businesses can infer significant attributes like pregnancy from subtle changes in their buying patterns. When stalker-like behavior is built into modern business models, the smarter businesses realize that most people will hate you if you act like a creepy spy.

[1] http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...

I sometimes wonder if I should be more concerned with privacy and my data than I am. I don't engage in risky behaviors, and use mailinator as much as possible. But I also have nothing to hide, and rarely share anything critical apart from cc# with amazon. If they want to know how often I show up and track events, I couldn't care less. I suppose it's good more people know what they're capable of. I know people who think they need to go Snowden when they're daily life is just finding answers on Stack Overflow and watching Joe Rogan on YouTube.

Horrible dread? Can't say I do. If I get a relevant ad from a keyword in my email, that seems like a pretty minor event in my life.

You do know that the ad won't necessarily be relevant to you, right? The ads will be "relevant" according to the advertisers who think you're the kind of target they want to trick into buying their product.

Regarding that "minor event": it is minor in isolation, but the point is that you are generating a large amount of those events that are being aggregated into databases where they are unlikely to be deleted. The ad(s) you might get isn't important. What you should be concerned about is the detailed pattern-of-life analysis that can be done at any time in the future by anybody that buys a copy of that database.

>You do know that the ad won't necessarily be relevant to you, right?

Perhaps, but I don't really see the difference in the end. Anecdotally, I see ads for IntelliJ IDEA because I look up a lot of coding-related things. So does it matter that I'm getting this ad because Google's ad network has decided I like coding, or because IntelliJ selected some parameters and said "send this ad to coders"?

The goal of either operator would be to send me an ad they think I'm most likely to click on, and so from the user perspective it's indistinguishable where the ad is actually directed from.

>Regarding that "minor event": it is minor in isolation, but the point is that you are generating a large amount of those events that are being aggregated into databases where they are unlikely to be deleted.

Alright, here's the thing. I don't love the idea of tracking but I'm not repulsed by it either. I always see "tracking is evil!" as if it's the final say on the matter, especially on this website. But I've yet to see a convincing argument that it's something which I should be actively concerned about, or that it's something making my life worse in any way.

Often what I see is people using emotional words like "surveillance", when really we're talking about a computer algorithm that matches ads with interests groups. It inspires imagery of somebody watching you through your computer which I suspect is the point. This sort of language strikes me as hyperbolic, and in some cases dishonest.

I realize this is outside the scope of your original comment, but understand that when making claims like "tracking is evil", or some variation of that view, unless there's something tangible to point to and say "this is how it makes your life worse", it just doesn't register on my radar.

It might be easy to dismiss that view as short-sighted, but ultimately I consider it more pragmatic than placing ethical stances on what seems to be largely speculative concerns. Why would an ad company sell user data when that's their entire competitive advantage? In the case of Google (and I suspect most others), their privacy policy explicitly prohibit them from selling user data.

Ultimately I find that technology improves my life in many ways, and I try not to fear it unless I see a real cause for concern. And on this particular issue I haven't seen that yet.

They're used to develop accurate psychological profiles, which are then exploited by government agencies, data aggregators, etc.

I find surveillance economy to be worrying, because while it makes the market efficient, it makes government too efficient and allows for bad behaviors on the part of marketers (eg, targeting addiction susceptible people via "machine learning" for deniability).

Leaking my personal information to pay for websites isn't economics I like.

> making my life worse

> technology improves my life in many ways

First of all, it might not be about you. If you are privileged enough to not have to worry about being the target of prejudices, hatred, or the occasional witch hunt, then you might not see the necessity of keeping secrets. Some people are not that lucky.

> making my life worse

It probably isn't making your life worse at the moment. Right now we have barely scratched the surface of what is possible. Most of the current uses are fairly benign (such as ads). The concern isn't about current uses. The problem is the open-ended risk of anyone abusing that data in the future.

You are essentially making the bet that either 1) nobody will ever invent a use of your data that is harmful to you, or 2) nobody will ever abuse your data, or 3) that your data won't actually live forever. Clause 1 is already broken in some areas, clause 2 denies human nature, and clause 3 has a lot of evidence suggesting data rarely disappears.

> something tangible

Ok, lets consider insurance companies and/or banks. These businesses would really like more to get their hands on data that could give them excuses to raise your rates, deny your loan or insurance coverage. Sure, we have laws and regulations that theoretically prevent some types of data from being used. The legal situation becomes less clear when none of the prohibited data is used directly but it can be inferred from other types of data that is.

If you think this is a theoretical concern, then you need to read about the deplorable practice known as "redlining"[1], where data was used as a cover for racial hatred and forced segregation. We already see problems with various types of data being used in police work and judicial situations where certain combinations of "unrelated" data is actually a reasonable proxy for race.

Can you say with certainty that a future insurance company won't be able to take all of the data points you've been generating in ad networks - with absolutely no "PII" - and find some pattern in your history that can be used as a reason to raise your rates? Or deny coverage? This is only one stupid example; it will be a lot more subtle as we learn new analysis methods and creative data manipulation methods.

However, you asked for something tangible, so you should look at this[2] map of Amsterdam. Each black dot on the map represents 10 Jews. The Nazis commissioned this map from the local civil servants that managed the census data. I doubt they thought that their recent change to the census to include a question asking for religious affiliation could ever be dangerous. 3/4 of the dots on that map were murdered in the camps. Yes, this is an extreme example. I hope ad tracing data won't end up being used for that level of evil. Unfortunately, there are a lot of possibilities between "serving an ad" and "genocide", even though they are both data problems.

> Why would an ad company sell user data when that's their entire competitive advantage?

Selling data can become another source of revenue if the company has significant financial problems. Given the recent-ish trend of companies to agglutinate into a single power (or small group of powers), the transfer of data might be "internal" instead of a sale. Also, you're assuming it would be the ad companies choice; bankruptcy courts may see it as a valuable asset to be liquidated, and governments may simply take the data using various methods.

[1] https://en.wikipedia.org/wiki/Redlining

[2] https://www.verzetsmuseum.org/uploads/archive/museum/topstuk...

Interesting points, thanks for sharing.

>you might not see the necessity of keeping secrets

I wanted to address this first. I'm not a believer in "you have nothing to hide if you're not doing anything wrong", so I can appreciate the argument that some people may be more vulnerable than others. For instance whistle blowers that may need to maintain anonymity in all situations.

In these cases however, I believe some responsibility lies to those at risk to opt out of appropriate settings, or avoid using services that require tracking. Similarly, responsibility exists for the companies involved to make those opt-outs accessible, and to not use misleading language.

>Ok, lets consider insurance companies and/or banks. These businesses would really like more to get their hands on data that could give them excuses to raise your rates, deny your loan or insurance coverage.

As you said, laws do exist to protect the user against discrimination in these cases. If there's ways for companies to route around it then I'm not familiar with them, but I would imagine that opens them up to the potential of being heavily fined.

>If you think this is a theoretical concern, then you need to read about the deplorable practice known as "redlining", where data was used as a cover for racial hatred and forced segregation.

This is a good example, and certainly drives your point home. I agree it's absolutely a concern how data is collected in cases such as these. That said, open data can also be used for good. Consider medical studies that can look at entire populations for trends, or data that can help inform governments to the pain points in their region. My takeaway is that we need to be very careful about how data is aggregated and anonymized to avoid this sort of targeting.

So on that point I don't necessarily disagree with you, but my stance is that we shouldn't throw the baby away with the bathwater. Like any tool, data collection can be used for good or evil. We should be concerned with how we enable its use for evil rather than demonize the tool itself.

Your point is quite valid about using data for financial decisions and underwriting which is in-fact already happening in a lot of scenarios.

It's true that everything that can be recorded will be recorded, but the actual way to not bring attention to you is to let everything be recorded. NoScript/Ghostery/etc users are actually the outliers. Similar to what happens with Tor.

I can find relief in the fact that it's extremely unlikely someone will look for your specific data because of the sheer volume of it. Website owners will just look at some charts and metrics in their analytics platform and that's it.

Disable cookies and javascript. Use a decent browser such as Firefox, Tor. Use ddg.gg to search. Solved.

If the fullest extent at which they can exploit my activities is to show me mostly irrelevant shit that I'll never buy, then I'm not worried about it. It's be like worrying about all those 'psychics' that pretend to know what you're thinking by repeating what you've just said back at you. Whatever power they find there is an exploitation of other peoples' careless ignorance, which is something I do dread on occasion.

Honest question.

I think, historically, most people have lived in very tight quarters, quite close to a lot of other people. Indeed, that's still true for many of us!

Some of these very 'always nearby' people would be family members and/or greatly trusted, but even one layer beyond that would be a lot of people who we would consider acquaintances today.

My question: isn't it possible that the amount of privacy some people had in the last couple of centuries was rather anomalous? That our default level of privacy has always been very low.

Edit: To be clear, I do not intend to minimize the value of privacy, whether it's a recent thing or not. However, some historical context is, I believe, useful.

To state it another way: isn't it possible that the amount of freedom some people had in the last couple of centuries was rather anomalous? That our default level of freedom has always been very low?

I would posit both your and my "questions" are true. Does that truth make it any less worth fighting for? One might even argue, there is no such thing as freedom without privacy.

Well stated. We are in 'violent' agreement.

This is true for many things though. Isn't it true that the level of healthcare available recently is rather anomalous, historically speaking? Or the quantity of food available?

Technology can grant us advantages if we allow it. It can also take them away.

Very true! I didn't mean to minimize the value of privacy, whether it's a relatively new thing or not; some historical context is useful though.

There is an important difference. This transparency applied to the most of the people - everyone was transparent, except some exceptional people.

In many parts of the world we have lived already about two hundred years with expectation to high level privacy.

I agree; it's an interesting perspective.

It motivates me to use lynx to surf or go to a library to read, and to some local store for music and books. The future looks marvellously humane.

The Internet = other people's computers

Disable JavaScript is the first right step.

Monitoring and optimizing human behavior is what I do for a living so . . . I'm going to do more of the same.

Maybe it's time to accept that we are ems.

Well the site doesn't even work if you have NoScript, which is the bare minimum to have...

I wouldn't consider it bare minimum. Most of the web is broken with NoScript installed.

> Most of the web is broken with NoScript installed.

More accurately, most of the web is broken, whether or not NoScript is installed — it's just that you can see that it's broken when NoScript is installed.

I consider it a feature, more times than not. Google's anticipating my search, flash heavy eye-candy/media and numerous unaffiliated servers baked into web pages all clog my 1mb connection and make my browser run like molasses. How many Targetimg cdn's does it take to display a single product page? Last I checked it was 4, plus a half-dozen or more other presumably ad servers. I choose not to use many big retailers' sites b/c of it. Again, for me, that is a feature to keep them at bay from anything beyond our potential transactional relationship.


There is a difference though. I can selectively turn things on / off.

If I have to turn on >5 websites to see the content it suddenly has less value and I shrug and close

I really can't understand the people that browse the internet without JS. Like what's the point? JS is part of the web, deal with it.

Boring old argument again and again.

99% of the distraction, tracking, annoyance of the modern web are due to JS. Blocking it will not "break most sites", you can usually read just fine. Selectively allowing JS per domain works great. Try it, you might be surprised and not talk down to us anymore.

I am dealing with it by not visiting homepages that rely on JavaScript.

The point is I do not want a bunch of insecure code running on my computer just to read some text, which is what I usually do in a browser.

Maybe all you visit is blogs. But there are lots of websites that rely on JS in order to express their intentions. It's like watching a movie with the mute on because the english accents bothers you -and without the possibility of subtitles-.

It seems that for most sites that rely on JS, about ten percent is actually necessary and the remainder is useless advertising/tracking/analytics/fonts/social media buttons. NoScript, uMatrix etc. are really helpful here.

One could just as easily say "I'm not going to run JS unless I want to. Deal with it"

That part of the web hates the user so win win.

It looks like all the audio files are stored as numbered mp3's on AWS, so those interested can grab all of them pretty simply.

My personal favorite is the, "Oh, for fucks sake": https://s3-eu-west-1.amazonaws.com/clickclickclick.click/Voi...

There's a song as well: https://s3-eu-west-1.amazonaws.com/clickclickclick.click/Voi...

If you grabbed all of them, are you able to post a tarball or something somewhere? I'd like to listen to them but I don't want to make thousands of requests/downloads and rack up AWS charges for anyone.

For a moment I thought that it was the new Web Speech API.

Why do I know that song? Isn't it in Moulin Rouge or something?

Its a pretty old jazz standard by Nat King: https://en.wikipedia.org/wiki/Nature_Boy

There are tons of versions and variations of it

It does in fact show up in Moulin Rouge: https://www.youtube.com/watch?v=ekCvBztYs_A

It's Nature Boy, originally recorded by Nat King Cole. https://www.youtube.com/watch?v=Iq0XJCJ1Srw - it's one of those songs that's been recorded by a ton of artists from that era. I personally heard Ella Fitzgerald's version first.

I'm at work and a Dutch guy is speaking on the phone behind me, and then I hear this guy talk with a Dutch accent. It felt creepy as hell for a moment.

Thank goodness for devtools...

    for (var lazyisgood = 0; lazyisgood < 1000; lazyisgood++) { $('a.button').click(); }

Subject has run script to click on the button ten times within one second

this seems to have overwritten my session, I now have your score

Lucky I had it open in another browser


That's wow, you are geek. :D


I got "Subject has run script to click on the button 10 times in one second" by using xdotool click --delay 10 --repeat 100 1, wonder whether that's checking timing or just assuming nobody clicks that fast.

I got a legitimate "Subject clicked button 10 times in one second". I didn't use a script so I assume that it either is able to detect the source of the event, or it checks to make sure the time between clicks is not fixed.

Suspect it must be checking time, below didn't really trigger anything:

for (var i = 0; i < 30; i++) { setTimeout(()=> button.click(), Math.random()*1500) }

I wish bundle.js weren't minified, it could be fun to read.

http://unminify.com/ might help.

Haha. Well the narrator's accent betrays more than my mouse movements. could it be a dutch / danish white male in his late 20s?

Clearly a fairly strong Dutch accent.

I used HotJar and it's pretty cool to see the actual website and the user navigating.

This is a video of an actual recording a site owner will see: https://www.youtube.com/watch?v=3Odc4k4KXjc

I'm working on a similar project that aims to fully emulate the user's browser, http://screensquid.com

I'm kind of amazed at the amount of mouse movement.

I move mine a bit but that was all over the place!

Subject has clicked on the button nine times within one second.

Yup, ThinkPads with their dual mice (and mouse buttons!) are cool.

Subject has run script to click on the button ten times within one second.

"Wha--" * looks at xterm with "sleep 1; while true; do xdotool click 1; done" in it * "how did you--"

Subject has tried to drag the body.

"So I can't select now?!"

Then I ran one of the JavaScript excerpts in another comment which proceeded to make the page continuously open extra tabs (from other links). Task Manager to the rescue...

Doesn't seem to load on Safari/macOS. Console error:

    Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made.

What's the difference to the browser between "tripleclicking" the button and "clicking the button >X times in one second"?

ie: why did it respond that I "clicked the button seven times within one second" before it responded that I "tripleclicked the button for the first time"?

See this screenshot for reference: http://imgur.com/xhWHPQa

In Windows, at least, on your ie: sentence,

* Single click - nothing

* Double click - highlight word

* Triple click - highlight paragraph

funny, it can track/sync me from my "normal" chrome window over to the anonymous chrome window, anybody have a guess how it does that?

Did you copy and paste the URL? It adds an id on the end, it doesn't track me when I remove the id.

You sure it doesn't make you just think that it recognised you? Do you have all the same ID and the "achievements" in both? I started in Safari, switched to Chrome and the script said "Welcome Back" although everything looked like the script made a new profile.

I would guess IP Address is there anything else?

Probably the URL's identifier added on the path...

> "Subject is privacy conscious, educated"


I was somewhat unnerved when I heard that -- my reaction being something along the lines of "Uhh, yeah, but who told you that?"

I'm curious how it determines these things, so I'm looking through the unminified JS, trying to understand it.

Now if it were to detect and call out that I was trying to reverse engineer it, that would be truly creepy.

I have a bunch of ad and tracker blockers installed, so in a certain sense I am "technically educated", but not classically so. :)

Turns out this was made not more than 10 minutes walking from where I am right now. Kind of cool to see.

and that is...?

Eindhoven, Netherlands (Source: https://clickclickclick.click/credit)

hmm? Did they just delete that page?

> Cannot GET /credit

On the right top you can click on Achievements; then again right top for Colophon. This brings me to https://clickclickclick.click/credits# but going there directly doesn't seem to work.

Also, specifically, Strijp-S in Eindhoven.

Is it open source?

I'd love to know this as well. Thanks.

It looks like it's all done in the javascript, so, yes.

(As far as I can tell the only thing it's fetching are the mp3 files, it's not talking to a backend.)

Edit: you're probably asking if it has a free license; that I don't know.

Wow this is very nice. It is like my dream. The inline aggregations are really cool too. Great demo!

EDIT: First saw this on mobile. Didn't realize there was sound. Distracting for me. Wish it wasn't there. (Well done, though.)

Is there anywhere I find a huge list of all these new weird domains?

Go to the source: https://newgtlds.icann.org/en/program-status/delegated-strin...

They may not all be available for registration, though.

Hmm. Tells me to open on a desktop computer but am on a desktop.

Yeah, it's messing with you, don't believe everything it says.

Hug of death? I'm getting loads of 500 errors.

It seems to work now.

They should have showed more info from the request headers, like the subject's type of computer and location based on IP.

That was interesting. Certainly kept my attention.

Looking at the source of the page, its own description is

"A browser-based game on online profiling"

which is even better than the current HN title.

Has anybody granted the camera permission?

Yep. It took a picture, insulted me then turned off the camera :D

Not exactly, the script decided that my browser doesn't support webcam und asked to reopen the website on another browser

How it knows how many cores CPU have?

Note that it's how many threads, not cores. I have a this CPU: http://ark.intel.com/products/84985/Intel-Core-i5-5257U-Proc... which the websites believes is 4 cores when really it's 2.

It's logical cores vs physical cores.


and if that's not supported but web workers are, you can guess that information pretty damn accurately by doing work in an increasing number of threads and looking for where you stop seeing little-to-no slowdown.

Surprising omissions: touch events, and zoom events.

Subject develops on a MacOS machine?

I would like to see the app equivalent of this.

Would be fun to see what other subjects are doing...

omg that is fun and freaky at the same time.

Awesome work.

hi score ?

???? (please turn on your sound) nothing else on the site here.

Same happened to me on Firefox first (and worked on Chrome), but then when I tried again in Firefox, it worked there too. Also told me "Firefox! hmmm ... Privacy, alternative etc.." :)

The 'Dutch English' is hugely annoying...

No it's not. It's pretty cute.

oh pleasche schqueesche me a fresch glasch of orangche jchuische. It's funny :)

I thought it was very funny. Kudos to the developer.


You didn't get that he was meant to sound like a possibly Austrian psychoanalyst?

I didn't know Austrians have Dutch accents.

Little know fact: Dutch have Austrian accents, and vice versa.

Where are you all getting Dutch from? He sounds generic Euro speaking English to me.

My first thought was "Hey, a also Dutch guy, heh".

Also the credit say its a Dutch creation: https://clickclickclick.click/credits

"Generic Euro"? I'm not sure where you're from but I'm German and I can't think of any European accent I'd consider "generic Euro". There are a few accents (e.g. Dutch/Swedish/Danish/Norwegian, German/Austrian/Swiss, Spanish/Portuguese) that sound similar to each other to me but they're generally still in distinct clusters.

A large enough sample of Europeans speaking English. Many of them are easily distinguished with a bit of practice. This guy is definitely Dutch.

It's definitely Dutch

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact